Bug 1178683 (CVE-2020-25707)

Summary: VUL-0: CVE-2020-25707: kvm,qemu: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c
Product: [Novell Products] SUSE Security Incidents Reporter: Robert Frohl <rfrohl>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P3 - Medium CC: brogers, gianluca.gabrielli, security-team, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/271341/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-25707:6.0:(AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Robert Frohl 2020-11-11 15:29:35 UTC 
rh#1893895

An infinite loop issue was found in the e1000e NIC emulation code of QEMU. It could occur in the e1000e_write_packet_to_guest() routine while processing receive descriptor data if the address of the descriptor's data buffer was set to zero. A privileged guest user may exploit this issue to crash the QEMU process on the host, resulting in a denial of service.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1893895
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25707
Comment 1 Bruce Rogers 2021-03-21 01:54:10 UTC 
This is a duplicate of bsc#1179468.
Security team, I'll kick this back to you for next step.
Comment 3 OBSbugzilla Bot 2021-05-17 16:30:08 UTC 
This is an autogenerated message for OBS integration:
This bug (1178683) was mentioned in
https://build.opensuse.org/request/show/893798 Factory / qemu
Comment 4 OBSbugzilla Bot 2021-05-18 00:50:07 UTC 
This is an autogenerated message for OBS integration:
This bug (1178683) was mentioned in
https://build.opensuse.org/request/show/893865 Factory / qemu
Comment 5 OBSbugzilla Bot 2021-05-25 12:40:08 UTC 
This is an autogenerated message for OBS integration:
This bug (1178683) was mentioned in
https://build.opensuse.org/request/show/895371 Factory / qemu
Comment 10 Swamp Workflow Management 2021-06-02 19:23:08 UTC 
SUSE-SU-2021:1837-1: An update that solves 11 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1149813,1163019,1172380,1175534,1176681,1178683,1178935,1179477,1179484,1179725,1182846,1182975,1186290
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-14364,CVE-2020-25085,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    qemu-3.1.1.1-51.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2021-06-08 16:37:15 UTC 
SUSE-SU-2021:1893-1: An update that solves 11 vulnerabilities, contains one feature and has two fixes is now available.

Category: security (important)
Bug References: 1149813,1163019,1172380,1175534,1176681,1178683,1178935,1179477,1179484,1182846,1182975,1183979,1186290
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-14364,CVE-2020-25085,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References: SLE-17785
Sources used:
SUSE MicroOS 5.0 (src):    qemu-4.2.1-11.19.2
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    qemu-4.2.1-11.19.2
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    qemu-4.2.1-11.19.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2021-06-08 16:53:51 UTC 
SUSE-SU-2021:1894-1: An update that solves 11 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1094725,1149813,1163019,1172380,1172382,1175534,1178683,1178935,1179477,1181933,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29130,CVE-2020-8608,CVE-2021-20221,CVE-2021-20257,CVE-2021-3419
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    qemu-2.9.1-6.50.1
SUSE OpenStack Cloud 8 (src):    qemu-2.9.1-6.50.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    qemu-2.9.1-6.50.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    qemu-2.9.1-6.50.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    qemu-2.9.1-6.50.1
HPE Helion Openstack 8 (src):    qemu-2.9.1-6.50.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2021-06-08 17:15:30 UTC 
SUSE-SU-2021:1895-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1149813,1163019,1172380,1172382,1175534,1178683,1178935,1179477,1179484,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    qemu-2.11.2-9.46.1
SUSE Linux Enterprise Server 15-LTSS (src):    qemu-2.11.2-9.46.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    qemu-2.11.2-9.46.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    qemu-2.11.2-9.46.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2021-06-09 16:28:07 UTC 
SUSE-SU-2021:1918-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 1149813,1163019,1172380,1175534,1178683,1178935,1179477,1179484,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    qemu-3.1.1.1-9.27.2
SUSE Manager Retail Branch Server 4.0 (src):    qemu-3.1.1.1-9.27.2
SUSE Manager Proxy 4.0 (src):    qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    qemu-3.1.1.1-9.27.2
SUSE Enterprise Storage 6 (src):    qemu-3.1.1.1-9.27.2
SUSE CaaS Platform 4.0 (src):    qemu-3.1.1.1-9.27.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2021-06-10 13:38:20 UTC 
SUSE-SU-2021:1942-1: An update that solves 14 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1149813,1163019,1175144,1175534,1176681,1178683,1178935,1179477,1179484,1179686,1181103,1182282,1182425,1182968,1182975,1183373,1186290
CVE References: CVE-2019-15890,CVE-2020-14364,CVE-2020-17380,CVE-2020-25085,CVE-2020-25707,CVE-2020-25723,CVE-2020-27821,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20263,CVE-2021-3409,CVE-2021-3416,CVE-2021-3419
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    qemu-5.2.0-17.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    qemu-5.2.0-17.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2021-06-10 13:47:37 UTC 
SUSE-SU-2021:1947-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1149813,1163019,1172380,1172382,1175534,1178683,1178935,1179477,1179484,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    qemu-2.11.2-5.32.1
SUSE OpenStack Cloud 9 (src):    qemu-2.11.2-5.32.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    qemu-2.11.2-5.32.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    qemu-2.11.2-5.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2021-07-11 14:07:23 UTC 
openSUSE-SU-2021:1942-1: An update that solves 14 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1149813,1163019,1175144,1175534,1176681,1178683,1178935,1179477,1179484,1179686,1181103,1182282,1182425,1182968,1182975,1183373,1186290
CVE References: CVE-2019-15890,CVE-2020-14364,CVE-2020-17380,CVE-2020-25085,CVE-2020-25707,CVE-2020-25723,CVE-2020-27821,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20263,CVE-2021-3409,CVE-2021-3416,CVE-2021-3419
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-5.2.0-17.1
Comment 19 Swamp Workflow Management 2021-07-14 01:18:17 UTC 
openSUSE-SU-2021:1043-1: An update that solves 14 vulnerabilities, contains one feature and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1149813,1163019,1172380,1175534,1176681,1178683,1178935,1179477,1179484,1182846,1182975,1183979,1184574,1185591,1185981,1185990,1186010,1186290,1187013
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-14364,CVE-2020-25085,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419,CVE-2021-3544,CVE-2021-3545,CVE-2021-3546
JIRA References: SLE-17785
Sources used:
openSUSE Leap 15.2 (src):    qemu-4.2.1-lp152.9.16.2, qemu-linux-user-4.2.1-lp152.9.16.1, qemu-testsuite-4.2.1-lp152.9.16.7
Comment 20 Swamp Workflow Management 2021-08-03 16:21:43 UTC 
SUSE-SU-2021:14772-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1173612,1174386,1178683,1180523,1181933,1186473,1187364,1187367
CVE References: CVE-2020-11947,CVE-2020-15469,CVE-2020-15863,CVE-2020-25707,CVE-2021-20221,CVE-2021-3416,CVE-2021-3592,CVE-2021-3594
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kvm-1.4.2-60.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 21 Swamp Workflow Management 2021-08-06 13:34:27 UTC 
SUSE-SU-2021:14774-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1031692,1173612,1174386,1178683,1180523,1181933,1186473,1187364,1187367
CVE References: CVE-2020-11947,CVE-2020-15469,CVE-2020-15863,CVE-2020-25707,CVE-2021-20221,CVE-2021-3416,CVE-2021-3592,CVE-2021-3594
JIRA References: 
Sources used:
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kvm-1.4.2-53.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.